jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[ERROR] java.lang.NullPointerException #5578

Closed JJ-288 closed 1 year ago

JJ-288 commented 1 year ago

Describe the bug

Hi, we currently use the OWASP dependency check Azure DevOps extension from https://github.com/dependency-check/azuredevops

Our pipelines are currently set to retrieve the latest version of DependencyCheck but we have recently seen the error below. When we specify the version beforehand (v8.1.2), it works just fine.

Version of dependency-check used

The problem occurs using version 8.2.0

Log file

[WARN] Unable to determine Package-URL identifiers for 3 dependencies
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: /home/vsts/work/1/TestResults/dependency-check/dependency-check-report.html
[INFO] Writing report to: /home/vsts/work/1/TestResults/dependency-check/dependency-check-junit.xml
[ERROR] java.lang.NullPointerException
[ERROR] java.lang.NullPointerException
[ERROR] java.lang.NullPointerException

Dependency Check completed with exit code 14.
Dependency Check reports: [ '/home/vsts/work/1/TestResults/dependency-check/dependency-check-junit.xml', '/home/vsts/work/1/TestResults/dependency-check/dependency-check-report.html' ]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 14)."
[error]Dependency Check exited with an error code (exit code: 14).
Ending Dependency Check...
Finishing: Scan Dependencies

jeremylong commented 1 year ago

Any chance you can generate an actual log that would indicate where the NPE occurs? --log=odc.log and then provide the log file to us?

PalumboT commented 1 year ago

Hello. Same problem here. Here are the last lines of an actual log:

----------------------------------------------------
END ANALYSIS
----------------------------------------------------
2023-03-22 13:46:39,028 org.owasp.dependencycheck.Engine:685
INFO  - Analysis Complete (3 seconds)
2023-03-22 13:46:39,043 org.apache.velocity.runtime.RuntimeInstance:272
DEBUG - Initializing Velocity, Calling init()...
2023-03-22 13:46:39,059 org.apache.velocity.runtime.RuntimeInstance:276
DEBUG - Starting Apache Velocity v2.3
2023-03-22 13:46:39,059 org.apache.velocity.runtime.RuntimeInstance:522
DEBUG - Default Properties resource: org/apache/velocity/runtime/defaults/velocity.properties
2023-03-22 13:46:39,075 org.apache.velocity.runtime.resource.loader.ResourceLoaderFactory:48
DEBUG - ResourceLoader instantiated: org.apache.velocity.runtime.resource.loader.FileResourceLoader
2023-03-22 13:46:39,075 org.apache.velocity.runtime.resource.loader.FileResourceLoader:84
DEBUG - FileResourceLoader: adding path '.'
2023-03-22 13:46:39,075 org.apache.velocity.runtime.resource.ResourceCacheImpl:119
DEBUG - initialized (class org.apache.velocity.runtime.resource.ResourceCacheImpl) with class java.util.Collections$SynchronizedMap cache map.
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Stop
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Define
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Break
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Evaluate
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Macro
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Parse
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Include
2023-03-22 13:46:39,075 org.apache.velocity.runtime.RuntimeInstance:1081
DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Foreach
2023-03-22 13:46:39,106 org.apache.velocity.runtime.ParserPoolImpl:57
DEBUG - Created '20' parsers.
2023-03-22 13:46:39,121 org.apache.velocity.runtime.VelocimacroFactory:152
DEBUG - "velocimacro.library.path" is not set. Trying default library: velocimacros.vtl
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:162
DEBUG - Default library velocimacros.vtl not found. Trying old default library: VM_global_library.vm
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:169
DEBUG - Old default library VM_global_library.vm not found.
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:253
DEBUG - allowInline = true: VMs can be defined inline in templates
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:274
DEBUG - allowInlineToOverride = false: VMs defined inline may NOT replace previous VM definitions
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:297
DEBUG - allowInlineLocal = false: VMs defined inline will be global in scope if allowed.
2023-03-22 13:46:39,137 org.apache.velocity.runtime.VelocimacroFactory:315
DEBUG - autoload off: VM system will not automatically reload global library macros
2023-03-22 13:46:39,137 org.owasp.dependencycheck.reporting.ReportGenerator:413
INFO  - Writing report to: C:\agent\_work\156\TestResults\dependency-check\dependency-check-report.html
2023-03-22 13:46:39,293 org.apache.velocity.runtime.VelocimacroFactory:385
DEBUG - added VM writeHtmlException: source=org.apache.velocity.Template@6869a3b3
2023-03-22 13:46:39,371 org.apache.velocity.runtime.parser.node.ASTReference:608
DEBUG - Null reference [template 'templates/htmlReport.vsl', line 695, column 84]: $enc.html($ex.getMessage()) cannot be resolved.
2023-03-22 13:46:39,371 org.apache.velocity.runtime.parser.node.ASTReference:608
DEBUG - Null reference [template 'templates/htmlReport.vsl', line 695, column 84]: $enc.html($ex.getMessage()) cannot be resolved.
2023-03-22 13:46:39,371 org.apache.velocity.runtime.parser.node.ASTReference:608
DEBUG - Null reference [template 'templates/htmlReport.vsl', line 695, column 84]: $enc.html($ex.getMessage()) cannot be resolved.
2023-03-22 13:46:39,371 org.apache.velocity.runtime.parser.node.ASTReference:608
DEBUG - Null reference [template 'templates/htmlReport.vsl', line 695, column 84]: $enc.html($ex.getMessage()) cannot be resolved.
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.CveDB:311
DEBUG - Closing database
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.CveDB:313
DEBUG - Cache cleared
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.CveDB:316
DEBUG - Connection closed
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.CveDB:322
DEBUG - Resources released
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.DriverLoader:57
DEBUG - Begin deregister driver
2023-03-22 13:46:39,387 org.owasp.dependencycheck.data.nvdcve.DriverLoader:59
DEBUG - End deregister driver
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:213
ERROR - java.lang.NullPointerException
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:214
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: java.lang.NullPointerException
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:210)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.lang.NullPointerException: null
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.loadDirectoryBuildProps(MSBuildProjectAnalyzer.java:231)
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:143)
    ... 7 common frames omitted
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:213
ERROR - java.lang.NullPointerException
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:214
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: java.lang.NullPointerException
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:210)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.lang.NullPointerException: null
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.loadDirectoryBuildProps(MSBuildProjectAnalyzer.java:231)
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:143)
    ... 7 common frames omitted
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:213
ERROR - java.lang.NullPointerException
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:214
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: java.lang.NullPointerException
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:210)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.lang.NullPointerException: null
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.loadDirectoryBuildProps(MSBuildProjectAnalyzer.java:231)
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:143)
    ... 7 common frames omitted
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:213
ERROR - java.lang.NullPointerException
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:214
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: java.lang.NullPointerException
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:210)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.lang.NullPointerException: null
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.loadDirectoryBuildProps(MSBuildProjectAnalyzer.java:231)
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:143)
    ... 7 common frames omitted
2023-03-22 13:46:39,731 org.owasp.dependencycheck.utils.Settings:891
DEBUG - Deleting ALL temporary files from `C:\Users\UsrBuild\AppData\Local\Temp\dctemp963b1c88-89a9-486c-a05c-9abdd3e2f7c9`
2023-03-22 13:46:39,778 org.owasp.dependencycheck.App:87
DEBUG - Exit code: 14
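
Added example (not part of the original thread and not the project's code): a small Python triage script for an `odc.log` in the format posted above. It collapses repeated stack traces to the innermost `Caused by:` exception and the frame that threw it. `root_causes` and `SAMPLE` are names chosen here, and the sample is constructed from lines in the log above.

```python
import re
from collections import Counter

# A log record starts with a timestamp; stack-trace lines do not.
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FRAME = re.compile(r"^\s+at (\S+)\((\S+?)\)")
EXC = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::|$)")

# Constructed sample: one trace, trimmed from the log posted in this thread.
SAMPLE = """\
2023-03-22 13:46:39,028 org.owasp.dependencycheck.Engine:685
INFO  - Analysis Complete (3 seconds)
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:213
ERROR - java.lang.NullPointerException
2023-03-22 13:46:39,731 org.owasp.dependencycheck.App:214
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: java.lang.NullPointerException
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:210)
Caused by: java.lang.NullPointerException: null
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.loadDirectoryBuildProps(MSBuildProjectAnalyzer.java:231)
    at org.owasp.dependencycheck.analyzer.MSBuildProjectAnalyzer.analyzeDependency(MSBuildProjectAnalyzer.java:143)
    ... 7 common frames omitted
"""

def root_causes(log_text):
    """Count (innermost exception, throwing frame) pairs, one per stack trace."""
    counts = Counter()
    exc = frame = None  # innermost exception and its first frame in the open trace
    def flush():
        nonlocal exc, frame
        if exc and frame:
            counts[(exc, frame)] += 1
        exc = frame = None
    for line in log_text.splitlines():
        if TS.match(line):  # a new log record closes any open trace
            flush()
            continue
        m = EXC.match(line)
        if m:  # each "Caused by:" replaces the outer exception
            exc, frame = m.group(1), None
            continue
        m = FRAME.match(line)
        if m and exc and frame is None:  # only the first frame after the exception
            frame = f"{m.group(1)} ({m.group(2)})"
    flush()
    return counts

if __name__ == "__main__":
    print(root_causes(SAMPLE * 4).most_common())  # four traces, as in the posted log
```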

JJ-288 commented 1 year ago

Apologies for the delayed response. The log above is near identical to the one I've seen so will refer to that one.

jiri-bocan commented 1 year ago

Seeing the same behavior/error when using ver. 8.2.0.

rogerhendriks commented 1 year ago

image

hilari0n commented 1 year ago

It seems to be failing when the Directory.Build.props file is not present, and working correctly when there's one. At least it looks like it, from looking at a couple of our various builds with DependencyCheck in them.

AieatAssam commented 1 year ago

> It seems to be failing when the Directory.Build.props file is not present, and working correctly when there's one. At least it looks like it, from looking at a couple of our various builds with DependencyCheck in them.

Encountered the same error in our Azure pipelines and adding Directory.Build.props allowed the builds to complete again. Thank you for the temporary workaround. Waiting for proper fix.

jeremylong commented 1 year ago

Fix will be published shortly. See #5578.